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DETAILED ACTION 

Claims 1-32 are pending for examination. 

Claims 1, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 23, 24, 27, 28, 31, and 32 are amended. 
Claims 1-32 are rejected. 

Response to Arguments 

1 . Applicant's arguments filed with respect to claims 1 -32 have been fully 
considered but they are not persuasive. Applicant argues that cited references Foster 
(US 2003/0204618), Dalton (WO 99/14931), and Fink (US 6 496 935) do not teach the 
limitations of the claims. 1 0781 792 

2. 10 

3. Applicant argues with respect to claims 1 0, 1 1 , 1 6, 1 7, 20, 24, 28, and 32 that 
neither Dalton nor Foster teaches newly added limitations of "deciding on, according to 
an algorithm prescribed by a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet control 
device exchanges with the other packet control device in a network; registering the path 
by the deciding to a routing table." Applicant cites Foster as teaching a VI table for 
routing, and further states that the virtual identifier "identifies a path between devices." 
However, Foster further teaches that the assignment of paths to such virtual path 
identifiers may be done dynamically (paragraph 16). As described, the path may be 
configured by the network manager such that each device in the path is configured 
between the source and destination. As such, the network manager exchanges 
information regarding a route with the packet forwarding device, and the packet is 
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forwarded based on information exchanged and set by the network manager, which is 
then set in the VI routing table to determine which interface is used to forward the 
packet. Thus, the previous rejection of claims 10, 11, 16, 17, 20, 24, 28, and 32 is 
maintained in view of Dalton and Foster. 

4. Regarding claims 1 , 2, 4, 6, 8, 12, 14, and 18, applicant makes similar arguments 
to those with respect to claim 10, in reference to the Foster reference. As such, 
examiner's comments with regard to claim 10 are similarly applicable. 

5. Regarding claims 23, 27, and 31 , applicant makes similar arguments to those 
with respect to claim 10, in reference to the Foster reference. As such, examiner's 
comments with regard to claim 10 are similarly applicable. 

Claim Rejections - 35 USC §103 

6. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

7. Claims 10, 1 1 , 16, 17, 20, 24, 28, and 32 are rejected under 35 U.S.C. 103(a) as 
being anticipated by US 2003/0204618, Foster et al and WO 99/14931, Dalton et al. 

8. As per claim 1 0, Foster teaches a method of maintaining a routing table in a 
system that includes a packet forwarder and a packet control device, the packet 
forwarder including a plurality of network interfaces (Figure 2A, where each packet 
forwarder has multiple connection interfaces), the packet control device including a 
plurality of network interface and a plurality of virtual interfaces each of the virtual 
interfaces having address information that is associated with one of the network 
interfaces of the packet forwarder (paragraph [0029], where the virtual identifier 
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translation table reflects the IP ports related to the virtual interfaces of the VPN), the 

method comprising: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

maintaining a routing table of each for the groups using a routing process 
associated with each of the groups (Figures 2B and 2C, where the virtual and 
real addresses are kept separately and routed accordingly). 
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Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

9. As per claim 1 1 , Foster further teaches wherein the virtual interfaces are grouped 
for each packet forwarder, further comprising maintaining a routing table of each packet 
forwarder using a routing process associated with each of the virtual interfaces grouped 
(Page 5, paragraph [0029], where each IFM maintains a virtual identifier table for each 
of its ports). 

1 0. As per claim 1 6, Foster teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table (page 2, 
paragraph [0013], where the system is a software facility), the packet forwarder 



Application/Control Number: 10/781,792 Page 6 

Art Unit: 2444 

including a plurality of network interfaces (Figure 2A, where each packet forwarder has 
multiple connection interfaces), the packet control device including a plurality of network 
interfaces and a plurality of virtual interfaces each of the virtual interfaces having 
address information that is associated with one of the network interfaces of the packet 
forwarder (page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN), the computer program including 
computer executable instructions which, when executed by the computer, cause the 
computer to perform: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 
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transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

maintaining a routing table of each of the groups using a routing process 

associated with each of the groups (Figures 2B and 2C, where the virtual and 

real addresses are kept separately and routed accordingly). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 
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11. As per claim 1 7, Foster further teaches the virtual interfaces are grouped for 
each packet forwarder, and the instructions further cause the computer to perform 
maintaining a routing table of each packet forwarder using a routing process associated 
with each of the virtual interfaces grouped (Page 5, paragraph [0029], where each IFM 
maintains a virtual identifier table for each of its ports). 

12. As per claim 20, Foster teaches a router control device (abstract, where the 
system processes received data for routing through a network) comprising: 

a virtual interface setting unit that creates and manages virtual interfaces on a 
router control device according to corresponding network interfaces of a 
forwarder, each of the virtual interfaces having address information that is 
associated with one of the network interfaces of the forwarder (Page 5, 
paragraph [0029], where the IFM maintains a virtual identifier table for each of its 
ports); 

a routing unit that generates a routing table for the forwarder based on routing 
information in routing information packets received at the network interface of the 
forwarder and transferred by the forwarder to the router control device (Figures 
2B and 2C and accompanying description beginning page 5, paragraph [0032], 
where the device forms routing information tables according to the source and 
destination identifiers); 

a deciding unit that decides on, according to a routing protocol, a path to be 
selected based on information of the network interface and routing information 
which the packet control device exchanges with the other packet control device 
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in a network (paragraphs 16-17, where the path for the packet to be sent may be 
determined dynamically by the network manager, and each device may be 
configured along the path to be notified of the virtual path); 
a registering unit that registers the path by the deciding to a routing table 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); and 

a routing information storage unit that stores a routing table created and 
managed by the routing unit for packet forwarding between the virtual interfaces 
that are associated with an address of the virtual interface (Page 5, paragraph 
[0029], where each IFM contains a virtual identifier table for each of its ports). 

Foster does not expressly teach that the packet forwarder and the routing device are 

located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 

network (page 22, lines 1-23, where the routing engine processes and returns a request 

for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
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routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

1 3. As per claim 24, Foster teaches a method of maintaining a routing table 

(abstract), comprising: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
forms routing information tables according to the source and destination 
identifiers); and 



Application/Control Number: 1 0/781 ,792 Page 1 1 

Art Unit: 2444 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

storing a routing table created and managed by the routing unit for packet 

forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 

IFM contains a virtual identifier table for each of its ports). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
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routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

14. As per claim 28, Foster teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table (abstract), 
including computer executable instructions which, when executed by the computer, 
cause the computer to perform: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
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forms routing information tables according to the source and destination 
identifiers); and 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

storing a routing table created and managed by the routing unit for packet 

forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 

IFM contains a virtual identifier table for each of its ports). 
Foster does not expressly teach that the packet forwarder and the routing device are 
located in separate networked devices. Dalton teaches a routing engine wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
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network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

1 5. As per claim 32, Dalton teaches a method performed by a processor of 

controlling a router, comprising: 

connecting a router control device to a forwarder through a network (page 22, 
lines 1-23, where the routing engine processes and returns a request for route 
information to a packet routing device); 

creating and managing interfaces, each having address information that is 
associated with one of a plurality of network interfaces of the forwarder, on the 
router control device (page 22, lines 1-23, where the routing engine processes 
and returns a request for route information to a packet routing device); and 
outputting (page 22, lines 1-23, where the routing engine processes and returns 
a request for route information to a packet routing device) 
Dalton does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
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identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the system of Dalton. 
Dalton generally teaches that the central routing authority oversees packet transfer over 
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local gateways. One way of rerouting packets involves using virtual addresses, which 
simplify routing, as they allow a path to be reconfigured in a manner transparent to a 
source (Foster, page 3, paragraph [0019]). This would be beneficial in Dalton's system, 
as it would allow the central authority to work with another layer of security and 
simplicity, as well as the ability to work on various network types. 

16. Claims 1-9, 12-15, 18, and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 2003/0204618, Foster et al, US 6 496 935, Fink et al and WO 
99/14931, Dalton et al. 

17. As per claim 1 , Fink teaches a packet control system (abstract) comprising: 

a packet forwarder that transfers a packet received from a network interface to 

another network interface (Figure 1 , pre-filtering module); and 

a packet control device that routes the packet using a routing process (Figure 1 , 

firewall 18, where the routing information is filter information), wherein 

the packet forwarder includes 

a received packet transfer unit that transmits to the packet control device a 
routing information packet received from the network interface (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave 
the network), and wherein 
the packet control device includes 

a transmitted packet reception unit that receives the routing information 
packet (Column 6, line 67, where the firewall inspects the packets, which 
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thereby have been transferred from the pre-filtering module to the firewall), 
that associates the routing information packet with the interface (Column 
7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that delivers the 
routing information packet to the routing process (Column 7, lines 1-4, 
where the analysis module performs the determination); and 
a transmitted packet transfer unit that receives the routing information 
packet sent by the routing process, and that transmits the routing 
information packet to the packet forwarder (Column 7, lines 17-21 , where 
the firewall passes the relevant instructions concerning the packet to the 
pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
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dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 
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Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

18. As per claim 2, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device, using a routing 
process running on the packet control device, the packet control device comprising: 
a transmitted packet reception unit that receives the routing information packet 
transmitted from the packet forwarder (Column 6, line 67, where the firewall 
inspects the packets, which thereby have been transferred from the pre-filtering 
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module to the firewall), that associates the routing information packet with the 
interface corresponding to an incoming network interface of the packet forwarder 
(Column 7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that transmits the routing 
information packet to the routing process (Column 7, lines 1-4, where the 
analysis module performs the determination); and 

a transmitted packet transfer unit that receives the routing information packet 
sent by the routing process, and that transmits the routing information packet to 
the packet forwarder (Column 7, lines 1 7-21 , where the firewall passes the 
relevant instructions concerning the packet to the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
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manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 1 1 ). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 
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the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

1 9. As per claim 3, Fink further teaches: 

a routing table transfer unit that acquires a routing table updated by the routing 
process, and that transmits the routing table to the packet forwarder (column 4, 
lines 51-55, where the firewall sends packet passage information to the pre- 
filtering module, which allows for forwarding and routing by the forwarder). 

20. As per claim 4, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device which determines an 
outgoing network interface of the packet received at an incoming network interface of 
the packet forwarder (column 5, lines 47-59, where the rule base establishes forwarding 



Application/Control Number: 1 0/781 ,792 Page 23 

Art Unit: 2444 

rules for packets, permitting them to be forwarded through to the output interface or 
dropping them if they violate the rules of the rule base), the packet control device 
comprising: 

a plurality of network interfaces (column 7, lines 28-32, where the pre-filtering 
module features a plurality of network interfaces). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 

a plurality of virtual interfaces each having address information that is associated 
with one of the network interfaces of the packet forwarder (page 7, paragraph 
[0044], where the computing device uses virtual identifiers when transmitting and 
receiving data communications), the network interfaces of the packet control 
device and the virtual interfaces being divided into a plurality of groups (page 5, 
paragraph [0029], where the virtual identifier translation table reflects the IP ports 
related to the virtual interfaces of the VPN), wherein 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 
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registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

the packet control device routes the packet using a routing process associated 
with each of the groups considering interfaces belongs to the groups to create a 
dedicated routing table for each, the each of the groups corresponds to a 
separate device (Figures 2B and 2C, where the virtual and real addresses are 
kept separately and routed accordingly). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 1 1 ). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 
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Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

21 . As per claim 5, Foster further teaches wherein the virtual interfaces are grouped 
for each packet forwarder, and the packet control device maintains routing tables using 
a routing process associated with each of the virtual interfaces grouped (Figures 2B and 
2C, where each table uses different routing processes to make connections). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include separate routing tables for virtual and real addresses. Fink teaches that the 



Application/Control Number: 1 0/781 ,792 Page 26 

Art Unit: 2444 

analysis module of the firewall determines actions to take with the packet, including that 
of rewriting address fields (column 7, line 11). One way of rewriting addresses involves 
using virtual addresses, which simplify routing, as they allow a path to be reconfigured 
in a manner transparent to a source (Foster, page 3, paragraph [0019]). This would be 
beneficial in Fink's system, as it would allow the firewall to work with another layer of 
security and simplicity, as well as the ability to work on various network types. 
22. As per claim 6, Fink teaches a packet forwarder which forwards a packet from its 
network interface to its other network interface according to its routing table that makes 
a destination address of a packet associate with a next transfer destination (Column 5, 
lines 51-54, where the system routes according to filtering rules), comprising a received 
packet transfer unit that transmits a routing information packet received at the network 
interface to a packet control device that maintains the routing table of the packet 
forwarder using a routing process that generates the routing table based on routing 
information no the packet received at the network interface (column 9, lines 1-16, where 
the pre-filtering module receives packets from an external source, such as a MAC 
interface, and forwards the packet to the firewall through the firewall interface). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
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identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
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with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 
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23. As per claim 7, Fink further teaches a routing table setting unit that receives the 
routing table from the packet control device, and that sets the routing table to the packet 
forwarder (Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall). 

24. As per claim 8, Fink teaches a method of maintaining a routing table using a 
routing process (abstract, where the pre-filtering module performs a limited set of 
actions with packets previously permitted by the firewall), the method comprising: 

receiving a routing information packet which is received by a packet forwarder 
(column 8, lines 12-15, where the pre-filtering module sends information to the 
firewall for processing); 

delivering the routing information packet to the routing process (column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet sent by the routing process (column 7, 
lines 17-21, where the firewall forwards the relevant instructions to the pre- 
filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder for 
transmitting from its network interface (column 7, lines 17-21, where the firewall 
forwards the relevant instructions for the packet to the pre-filtering module). 
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Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with a network interface of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN). 
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It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
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routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

25. As per claim 9, Fink further teaches: 

acquiring a routing table updated by the routing process (column 6, line 65 
through column 7, line 21, where the analysis module makes determinations, 
which are passed on by the firewall to the pre-filtering module); and 
transmitting the routing table to the packet forwarder (column 7, line 62 through 
column 8, line 3, where the pre-filtering module contains a connection database 
which stores in its memory instructions from the firewall). 

26. As per claim 12, Fink teaches a method of maintaining a routing table of a packet 
forwarder (Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall), the method comprising: 

receiving a routing information packet from a network interface of a packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall, 
also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to a packet control device, wherein the 
routing table makes a destination address of a packet associate with a next 
transfer destination (Column 6, line 65 to column 7, line 1 6, where the firewall 
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receives the packet and determines whether the packet should be permitted to 
enter and/or leave the network, also column 9, lines 1-16, where the pre-filtering 
module receives packets from an external source and forwards the packet to the 
firewall through the firewall interface). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 
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associating the routing information packet with a virtual interface that has 
address information associated with a network interface of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
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system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

27. As per claim 1 3, Fink further teaches: 

receiving the routing table from a packet control device (Column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); and 
setting the routing table to the packet forwarder (Column 7, lines 17-21 , where 
the relevant instructions for the packet are passed from the firewall to the pre- 
filtering module). 

28. As per claim 14, Fink teaches a computer-readable storage for controlling a 
computer, comprising a computer program for routing a packet using a routing process, 
including computer executable instructions which, when executed by the computer 
(Column 3, line 63 through column 4, line 6, where the method can be implemented as 
software), cause the computer to perform: 

receiving a routing information packet from a network interface of a packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall); 
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transmitting the routing information packet to a packet control device (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave the 
network); 

receiving the routing information packet from the packet forwarder (Figure 3, step 
4b, where the packet is received by firewall from pre-filtering module); 
transmitting the routing information packet to the routing process (column 6, line 
65 through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet transmitted from the routing process 
(column 7, lines 17-21 , where the firewall forwards the relevant instructions to the 
pre-filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder (column 7, 
lines 17-21, where the firewall forwards the relevant instructions for the packet to 
the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
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(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with the network interface (page 5, paragraph 
[0029], where the virtual identifier translation table reflects the IP ports related to 
the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
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firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

29. As per claim 1 5, Fink further teaches the instructions further cause the computer 
to perform: 
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acquiring a routing table updated by the routing process (column 7, line 62 
through column 8, line 3, where the pre-filtering module contains a connection 
database which stores in its memory instructions from the firewall); and 
transmitting the routing table to the packet forwarder (column 4, lines 51-55, 
where the firewall sends packet passage information to the pre-filtering module, 
which allows for forwarding and routing by the forwarder). 
30. As per claim 18, Fink teaches a computer-readable storage for controlling a 
computer, comprising computer program for maintaining a routing table of a packet 
forwarder, including computer executable instructions which, when executed by the 
computer (Column 3, line 63 through column 4, line 6, where the method can be 
implemented as software), cause the computer to perform: 

receiving a routing information packet from a network interface of the packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall, 
also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to the packet control device, wherein 
the routing table makes a destination address of a packet associate with a next 
transfer destination (Column 6, line 65 to column 7, line 1 6, where the firewall 
receives the packet and determines whether the packet should be permitted to 
enter and/or leave the network, also column 9, lines 1-16, where the pre-filtering 
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module receives packets from an external source and forwards the packet to the 
firewall through the firewall interface). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

associating the routing information packet with a virtual interface that has 
address information associated with the network interface (page 5, paragraph 
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[0029], where the virtual identifier translation table reflects the IP ports related to 

the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

Neither Fink nor Foster expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Fink or Foster. Fink's 
system generally allows for a device to filter and process packets. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
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network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

31 . As per claim 1 9, Fink further teaches the instructions further cause the computer 
to perform: 

receiving the routing table from a packet control device (Column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); and 
setting the routing table to the packet forwarder (Column 7, lines 17-21 , where 
the relevant instructions for the packet are passed from the firewall to the pre- 
filtering module). 

32. Claims 21-23, 25-27, and 29-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 2003/0204618, Foster et al and WO 99/14931 , Dalton et al as 
applied to claims 20, 24, and 28 above, and further in view of US 6 272 522, Lin et al. 

33. As per claim 21 , neither Foster or Dalton expressly teaches a specific method of 
generating or updating the routing tables for his system. Lin teaches a method of routing 
within a packet switching system comprising: 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the virtual 
interface (Column 10, lines 17-42, where the packet is sent from the network 
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interface of the switching processor to the virtual interface of the control 
processor), wherein 

the routing information storage unit stores the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 43-54, 
where the raw load data is sent to the master module to determine the new load 
balancing), and 

the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 4-6, 
where the control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

34. As per claim 22, neither Foster nor Dalton expressly teaches a specific method of 
generating or updating the routing tables for his system. Lin teaches a method of routing 
within a packet switching system comprising: 

a routing table transmission unit that acquires the routing table and that transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), wherein 
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the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 55-60, 
where the switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

35. As per claim 23, Lin teaches a router control system which includes a forwarder 
and a router control device (Figure 1 , pre-filtering module and firewall), wherein 
the router control device includes 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the 
virtual interface (Column 10, lines 17-42, where the packet is sent from the 
network interface of the switching processor to the virtual interface of the 
control processor); 

a routing unit that generates the routing table for the forwarder based on 
the routing information stored in the routing information storage unit 
(Column 2, line 66, through column 3, line 3, where the control processor 
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server to generate configuration information for the switching processors); 
and 

the routing table transmission unit that acquires the routing table, and transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), and 
the forwarder forwards a packet from its network interface to its other network 
interface according to its routing table (abstract, where the switching processors 
route received packets through to an external network), and includes a received 
packet transfer unit that transmits a routing information packet received at the 
network interface to the router control device that maintains the routing table of 
the forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

a virtual interface setting unit that that creates and manages virtual 
interfaces on a router control device according to corresponding network 
interfaces of a forwarder, each of the virtual interfaces having address 
information that is associated with one of the network interfaces of the 
forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 
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a deciding unit for deciding on, according to a routing protocol, a path to 
be selected based on information of the network interface and routing 
information which the packet control device exchanges with the other 
packet control device in a network (paragraphs 16-17, where the path for 
the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified 
of the virtual path); 

a registering unit for registering the path by the deciding to a routing table 
(paragraphs 16-17, where the path for the packet to be sent may be 
determined dynamically by the network manager, and each device may be 
configured along the path to be notified of the virtual path); and 
a transmitting unit for transmitting the packet to the packet forwarder 
including the network interface that is associated with an address of the 
virtual interface (paragraph [0029], where the virtual identifier translation 
table reflects the IP ports related to the virtual interfaces of the VPN); and 
a routing information storage unit that stores routing information in the 
routing information packet transferred by the tunnel transfer unit (Page 5, 
paragraph [0029], where each IFM contains a virtual identifier table for 
each of its ports). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
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type. Foster's virtual identifier method would simplify routing, as it allows a path to be 

reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 

This would be beneficial in Lin's system, as it would allow the routing table to work with 

virtual as well as physical addresses, making it more versatile. 

Neither Foster nor Lin expressly teaches that the packet forwarder and the routing 

device are located in separate networked devices. Dalton teaches a routing engine 

wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

36. As per claim 25, neither Foster nor Dalton expressly teaches a specific method of 
generating or updating the routing tables for his system. Lin teaches a method of routing 
within a packet switching system comprising: 
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transferring the routing information packet via a communication path that 
connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor), wherein 

the storing includes storing the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 
43-54, where the raw load data is sent to the master module to determine 
the new load balancing), and 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 4-6, where the 
control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

37. As per claim 26, neither Foster nor Dalton expressly teaches a specific method of 
generating or updating the routing tables for his system. Lin teaches a method of routing 
within a packet switching system comprising: 
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acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); and 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor), wherein 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 55-60, where the switching 
processor accesses the routing table stored in the shared memory). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

38. As per claim 27, Lin teaches a method of maintaining a routing table (Figure 1 , 

pre-filtering module and firewall), comprising: 

transferring the routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
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generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to other network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
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having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
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disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
Neither Foster nor Lin expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 
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39. As per claim 29, neither Foster nor Dalton expressly teaches a specific method of 
generating or updating the routing tables for his system. Lin teaches a method of routing 
within a packet switching system wherein: 

instructions further cause the computer to perform transferring the routing 
information packet via a communication path that connects between the network 
interface and the virtual interface (Column 10, lines 17-42, where the packet is 
sent from the network interface of the switching processor to the virtual interface 
of the control processor), wherein 

the storing includes storing the routing information in the routing information 
packet transferred by the tunnel transfer unit (Column 6, lines 43-54, where the 
raw load data is sent to the master module to determine the new load balancing), 
and 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 4-6, where the control processor 
writes the new load balancing information into the shared memory for use by the 
switching processor). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 
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40. As per claim 30, neither Foster nor Dalton expressly teaches a specific method of 
generating or updating the routing tables for his system. Lin teaches a method of routing 
within a packet switching system wherein: 

the instructions further cause the computer to perform: 

acquiring the routing table (Column 6, lines 4-6, where the distribution 
data is written into the shared memory for use by the switching processor); 
and 

transmitting the routing table to the forwarder (Column 6, lines 4-6, where 
the distribution data is written into the shared memory for use by the 
switching processor), wherein 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 55-60, where the 
switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

41 . As per claim 31 , Lin teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table, including 
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computer executable instructions stored on a computer readable medium, wherein the 
instructions, when executed by the computer, cause the computer to perform: 

transferring a routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to another network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
forwarder using a routing process (Column 6, lines 43-54, where the raw load 
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data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

deciding on, according to a routing protocol, a path to be selected based on 
information of the network interface and routing information which the packet 
control device exchanges with the other packet control device in a network 
(paragraphs 16-17, where the path for the packet to be sent may be determined 
dynamically by the network manager, and each device may be configured along 
the path to be notified of the virtual path); 

registering the path by the deciding to a routing table (paragraphs 16-17, where 
the path for the packet to be sent may be determined dynamically by the network 
manager, and each device may be configured along the path to be notified of the 
virtual path); and 

transmitting the packet to the packet forwarder including the network interface 
that is associated with an address of the virtual interface (paragraph [0029], 
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where the virtual identifier translation table reflects the IP ports related to the 
virtual interfaces of the VPN); and 

storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports); 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
Neither Foster nor Lin expressly teaches that the packet forwarder and the routing 
device are located in separate networked devices. Dalton teaches a routing engine 
wherein: 

the packet forwarder is connected to the packet routing control device through a 
network (page 22, lines 1-23, where the routing engine processes and returns a request 
for route information to a packet routing device). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to utilize a packet controller separate from the packet forwarder such as taught by 
Dalton in a packet forwarding system such as that taught by Foster. Foster's system 
allows a packet forwarder to create virtual channels for a packet to travel through a 
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network. In both systems, the device is required to route packets to a device through a 
network. Dalton's system benefits any forwarding system, as it provides a central 
routing authority, such that routing may be offloaded from the local gateways, allowing 
the system to function with a greater ability to meet set parameters (page 2, lines 13- 
23). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571 ) 270-1 1 91 . The examiner can normally be reached on Monday through Thursday, 
8am-5pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on (571) 272-3922. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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